Skip to content

Commit

Permalink
[Telemetry][Security Solution] Enrich endpoint alerts with license in…
Browse files Browse the repository at this point in the history
…fo (elastic#188760)

(cherry picked from commit aa6aa26)
  • Loading branch information
szaffarano committed Jul 22, 2024
1 parent 674b3ab commit f5ba018
Show file tree
Hide file tree
Showing 5 changed files with 42 additions and 9 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,8 @@ const asyncUnlink = Util.promisify(Fs.unlink);
*/
export async function eventually<T>(
cb: () => Promise<T>,
duration: number = 60000,
interval: number = 1000
duration: number = 120000,
interval: number = 3000
) {
let elapsed = 0;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -262,7 +262,7 @@ describe('telemetry tasks', () => {
// wait until the events are sent to the telemetry server
const body = await eventually(async () => {
const found = mockedAxiosPost.mock.calls.find(([url]) => {
return url.startsWith(ENDPOINT_STAGING) && url.endsWith('alerts-endpoint');
return url.startsWith(ENDPOINT_STAGING) && url.endsWith(TelemetryChannel.ENDPOINT_ALERTS);
});

expect(found).not.toBeFalsy();
Expand All @@ -273,6 +273,25 @@ describe('telemetry tasks', () => {
expect(body).not.toBeFalsy();
expect(body.Endpoint).not.toBeFalsy();
});

it('should enrich with license info', async () => {
await mockAndScheduleEndpointDiagnosticsTask();

// wait until the events are sent to the telemetry server
const body = await eventually(async () => {
const found = mockedAxiosPost.mock.calls.find(([url]) => {
return url.startsWith(ENDPOINT_STAGING) && url.endsWith(TelemetryChannel.ENDPOINT_ALERTS);
});

expect(found).not.toBeFalsy();

return JSON.parse((found ? found[1] : '{}') as string);
});

expect(body).not.toBeFalsy();
expect(body.license).not.toBeFalsy();
expect(body.license.status).not.toBeFalsy();
});
});

describe('endpoint-meta-telemetry', () => {
Expand Down Expand Up @@ -679,8 +698,7 @@ describe('telemetry tasks', () => {
expect(body.file).toStrictEqual(alertsDetectionsRequest.file);
});

// Flaky: https://github.com/elastic/kibana/issues/188234
it.skip('should manage runtime errors searching endpoint metrics', async () => {
it('should manage runtime errors searching endpoint metrics', async () => {
const errorMessage = 'Something went wront';

async function* mockedGenerator(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ import { TelemetryChannel, TelemetryCounter } from './types';
import * as collections from './collections_helpers';
import { CachedSubject, retryOnError$ } from './rxjs_helpers';
import { SenderUtils } from './sender_helpers';
import { newTelemetryLogger } from './helpers';
import { copyLicenseFields, newTelemetryLogger } from './helpers';
import { type TelemetryLogger } from './telemetry_logger';

export const DEFAULT_QUEUE_CONFIG: QueueConfig = {
Expand Down Expand Up @@ -291,6 +291,14 @@ export class AsyncTelemetryEventsSender implements IAsyncTelemetryEventsSender {
};
}

if (event.channel === TelemetryChannel.ENDPOINT_ALERTS) {
const licenseInfo = this.telemetryReceiver?.getLicenseInfo();
additional = {
...additional,
...(licenseInfo ? { license: copyLicenseFields(licenseInfo) } : {}),
};
}

event.payload = {
...event.payload,
...additional,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,8 @@ export interface ITelemetryReceiver {

fetchClusterInfo(): Promise<ESClusterInfo>;

getLicenseInfo(): Nullable<ESLicense>;

fetchLicenseInfo(): Promise<Nullable<ESLicense>>;

closePointInTime(pitId: string): Promise<void>;
Expand Down Expand Up @@ -248,6 +250,7 @@ export class TelemetryReceiver implements ITelemetryReceiver {
private getIndexForType?: (type: string) => string;
private alertsIndex?: string;
private clusterInfo?: ESClusterInfo;
private licenseInfo?: Nullable<ESLicense>;
private processTreeFetcher?: Fetcher;
private packageService?: PackageService;
private experimentalFeatures: ExperimentalFeatures | undefined;
Expand Down Expand Up @@ -280,6 +283,7 @@ export class TelemetryReceiver implements ITelemetryReceiver {
this.soClient =
core?.savedObjects.createInternalRepository() as unknown as SavedObjectsClientContract;
this.clusterInfo = await this.fetchClusterInfo();
this.licenseInfo = await this.fetchLicenseInfo();
this.experimentalFeatures = endpointContextService?.experimentalFeatures;
const elasticsearch = core?.elasticsearch.client as unknown as IScopedClusterClient;
this.processTreeFetcher = new Fetcher(elasticsearch);
Expand All @@ -291,6 +295,10 @@ export class TelemetryReceiver implements ITelemetryReceiver {
return this.clusterInfo;
}

public getLicenseInfo(): Nullable<ESLicense> {
return this.licenseInfo;
}

public getAlertsIndex(): string | undefined {
return this.alertsIndex;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,10 @@
import type { Logger } from '@kbn/core/server';
import { newTelemetryLogger, getPreviousDiagTaskTimestamp } from '../helpers';
import type { ITelemetryEventsSender } from '../sender';
import type { TelemetryEvent } from '../types';
import { TelemetryChannel, type TelemetryEvent } from '../types';
import type { ITelemetryReceiver } from '../receiver';
import type { TaskExecutionPeriod } from '../task';
import type { ITaskMetricsService } from '../task_metrics.types';
import { TELEMETRY_CHANNEL_ENDPOINT_ALERTS } from '../constants';
import { copyAllowlistedFields, filterList } from '../filterlists';

export function createTelemetryDiagnosticsTaskConfig() {
Expand Down Expand Up @@ -65,7 +64,7 @@ export function createTelemetryDiagnosticsTaskConfig() {
log.l('Sending diagnostic alerts', {
alerts_count: alerts.length,
});
await sender.sendOnDemand(TELEMETRY_CHANNEL_ENDPOINT_ALERTS, processedAlerts);
sender.sendAsync(TelemetryChannel.ENDPOINT_ALERTS, processedAlerts);
}

await taskMetricsService.end(trace);
Expand Down

0 comments on commit f5ba018

Please sign in to comment.